Executive Director, Global Cyber Governance, Risk, and Compliance (GRC)

About The Position

Requirements

• Demonstrated experience establishing and leading an enterprise framework for managing cybersecurity and technological risk across multiple regions and business units.
• Proven ability to integrate cyber risk into enterprise risk management processes, aligned with corporate risk appetite and strategic objectives.
• Track record coordinating third-party cyber risk management across suppliers, research partners and technology vendors.
• Ownership of a global cyber regulatory strategy with compliance accountability across jurisdictions, including privacy, data protection, critical infrastructure and life sciences–specific requirements.
• Experience acting as the primary executive interface for cyber-related regulatory examinations, audits and inquiries.
• Evidence of harmonizing compliance controls across regions while maintaining local regulatory adherence.
• Governance oversight of cyber resilience programs, including incident readiness, crisis management and recovery planning.
• Expertise ensuring control design and effectiveness for cyber and IT controls, including ongoing assurance, testing and continuous improvement.
• Experience designing, leading and maturing global cyber risk governance forums and executive risk committees.
• Ability to translate complex technical and regulatory risks into clear, actionable insights for senior executives and the Board, with concise, high-impact reporting.
• Validated leadership building, leading and developing a globally distributed team of cyber GRC professionals.
• Experience serving as a trusted advisor to CISO, CIO, enterprise risk leadership, compliance, legal and senior business executives.
• Credibility representing an organization externally with regulators, industry bodies and peer companies.
• Bachelor’s degree required; advanced degree preferred (e.g., MBA, MS, JD).
• 15+ years of progressive experience in cyber security, IT risk, governance, risk, and/or compliance roles.

Nice To Haves

• Experience in highly regulated, science-driven industries such as biopharma, healthcare or critical infrastructure.
• Strong familiarity with global regulatory frameworks and standards (e.g., GDPR and other privacy laws, NIS2, HIPAA, FDA/EMA expectations, ISO/IEC 27001/27701, SOC 2).
• Board-level communication and storytelling that link risk to enterprise value and patient impact.
• Leadership of large-scale control transformation or control harmonization initiatives across regions.
• Depth in third-party and supply chain cyber risk, including cloud/SaaS, data platforms and research collaborations.
• Professional certifications such as CISSP, CISM, CRISC, CIPP/E, CIPM or equivalent executive-level credentials.
• Experience aligning cyber resilience with enterprise business continuity and technology recovery programs.

Responsibilities

• Lead the organization-wide information security and technology risk framework spanning all locations and business se Prioritize the most meaningful risks and drive treatment plans to closure.
• Lead all aspects of the worldwide cyber regulatory approach and ensure it meets laws, regulations, and standards. This includes confidentiality, information security, crucial infrastructure, and requirements outstanding to the life sciences sector across jurisdictions.
• Third-Party Risk Governance: Coordinate the management of cyber risk controls for vendors, academic collaborators, and technology service providers, safeguarding the extended ecosystem vital to global operations.
• Cyber Resilience Oversight: Provide governance for incident preparedness, crisis response coordination, and recovery preparation; ensure cohesive, end-to-end resilience outcomes with security operations, technology, legal, privacy and business continuity teams.
• Control Assurance and Ongoing Improvement: Ensure the build and efficiency of cybersecurity and information technology safeguards through continuous validation, evaluation, and detailed improvement.
• Build, lead, and advance international cyber risk oversight groups and senior risk advisory panels. Drive cross-functional decisions that align with the organization's risk tolerance and strategic goals.
• Communicate detailed engineering and compliance risk into clear choices for top leadership as well as the Board. Deliver concise, high-impact reports on posture, trends, and material exposures.
• Act as a reliable consultant to the heads of information security, information technology, risk and compliance functions, and legal partners. Represent the company in interactions with regulatory agencies, professional associations, and peer organizations.
• Distributed Team Leadership: Build, lead and develop a high-performing, distributed cyber GRC team with clear mission, measurable outcomes and strong succession.
• Business Enablement: Incorporate cyber risk within broader enterprise risk management to reduce friction, increase confidence and enable faster, safer delivery of scientific and commercial outcomes.

Benefits

• Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans.